LookingGlass Weekly Threat Intelligence Brief – August 25, 2015

Posted August 25, 2015

Welcome to the Cyveillance Weekly Threat Intelligence Brief

Threat intelligence is constantly evolving. We publish a weekly security brief for our customers, and provide the highlights to the public to keep you informed on the latest security incidents and threats. For the latest security news stories throughout the day, follow us on Twitter, and subscribe to our blog to stay up-to-date on findings from our analyst research reports!

Insurance/Healthcare

“One of the more recent of the data breaches is the Premera data breach, in which approximately millions of patients had their private information compromised. Lawsuits have followed, with plaintiffs alleging Premera Blue Cross did not properly or adequately secure customer information. The lawsuits allege negligence on Premera’s part. As of July 15, 2015, the number of lawsuits consolidated for pretrial proceedings sits at around 35, according to court documents. But […] more lawsuits could certainly be filed, given the massive number of patients affected by the cyber attack. Reports indicate that up to 11 million customers may have had their information compromised, although some reports put that number affected at around 4.5 million.”

“The Internal Revenue Service says cyber thieves may have accessed as many as 334,000 taxpayer accounts in a breach of its Get Transcript system, far more than the 114,000 accounts it originally estimated in May. The Get Transcript online service, suspended in May, is aimed at simplifying the process taxpayers use to retrieve their tax records. It enables taxpayers to review their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year. By circumventing Get Transcript’s authentication protections, hackers are believed to have gained access to this taxpayer information, including Social Security numbers.”

“In October 2014, Kaspersky Lab started to research “Blue Termite”, an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we’ve seen up to now is from November 2013. This is not the first time the country has been a victim of an APT. However, the attack is different in two respects: unlike other APTs, the main focus of Blue Termite is to attack Japanese organizations; and most of their C2s are located in Japan. […] Unfortunately, the attack is still active and the number of victims has been increasing.”

– SecureList

Legal and Regulations

“For the past week, international media has reported on the hack of extramarital site Ashley Madison and its parent company Avid Life Media, which has affected potentially tens of millions of site users, as well as spewed the alleged source code of the company’s products onto the dark web. The hackers behind the breach, who call themselves The Impact Team, first released snippets of the data back in July. After nearly 30 days, they then dumped 10GB of customer information, shortly followed by another 20GB of internal data. […] the hackers also posted a third data dump.”

“The Darkhotel advanced persistent threat (APT) group remains active. Researchers have uncovered this year new victims, new attack techniques, and new exploits. The activities of the Darkhotel APT were detailed by Kaspersky Lab in November 2014. The group has targeted organizations from across the world, with victims identified in sectors such as the defense industrial base, military-related organizations, energy policy makers, governments, NGOs, large electronics manufacturers, pharmaceutical companies, and medical providers. The threat actor, which appears to be a Korean speaker, has used P2P torrents and highly customized spear phishing to deliver malware to victims. One interesting technique used by the cyber spies to install malware on the computers of business travelers in the Asia-Pacific region involved hacking hotel Wi-Fi networks.”

– Security Week

Retail

“A settlement between Target Corp. and Visa Inc. moves the retailer a step closer to resolving most of the financial claims against it from the 2013 data breach. […] Under the settlement announced Tuesday, Target will pay up to $67 million to cover the costs that Visa Inc. and issuers of Visa cards incurred when cyberthieves broke into Target’s data system. […] The hackers accessed the credit card data of at least 40 million Target customers during a three-week period in November and December 2013, one of the largest breaches of the data system of a U.S. company.”

“Court documents have revealed that Adobe has paid an “undisclosed sum” to settle customer allegations of “shoddy security protocols” after a cyber attack in 2013 resulted in the loss of 38 million customer records. The company has also been ordered to pay $1.2m in legal fees after the class action lawsuit by a number of affected consumers accused Adobe of having “subpar security systems”. Adobe admitted on 4 October 2013 to the loss of 2.9 million customer records including Adobe IDs, encrypted passwords and credit card information. However, that number had increased to 38 million by the end of October. The hack, which was discovered by independent researchers, also resulted in the loss of source code for products including Acrobat, ColdFusion and ColdFusion Builder.”

“The attempted attack on the high-speed train from Brussels to Paris, an attack foiled by the quick, courageous action of three Americans and a Briton, only highlights the vulnerability to attack of U.S. rail. Security experts say, however, that trains remain vulnerable to terrorist attacks. A recent study, which analyzed terrorist attacks over a 30-year period from 1982 to 2011, found that terrorists have shifted their focus in recent years away from attacking airlines to attacking subway and rail systems. The deadliest attacks in the decade 2002-2011 were against subway and commuter rail systems.”